[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [UC-1-04:ARundgrenPush]
Evan, I completely concur with your opinion on this issue. We do have a clear process to follow. We (Anders?) should write up a concrete use case, called something like "negotiate trust relationship between partners". We should then discuss on the mailing list/concalls to make sure the use case is described enough for us to vote on. We should then vote on the use-case. My early prediction is that the use case will not pass muster - certainly a lot would have to be done to convince me to vote for it - but we will have followed the process and we will have useful artifacts for future work. Cheers, Dave > -----Original Message----- > From: Evan Prodromou [mailto:evan@outlook.net] > Sent: Monday, February 12, 2001 2:27 PM > To: S2ML-USE > Subject: Re: [UC-1-04:ARundgrenPush] > > > >>>>> "HL" == Hal Lockhart <hal.lockhart@entegrity.com> writes: > > >> You also lack a business case. Why do you need a particular > >> business case when we are talking about extending the access > >> system of practially all computer systems (but with arbitrary > >> granularity and semantics) to function over the web between > >> different, independent and constantly changing organizations as > >> well? IMO that's *hell* of a use case! If it is a hell to > >> design I am not yet able to tell. > > I'm replying to the wrong message, so, sorry. > > But I think Anders has gotten to the kernel of this issue. I think for > most of us with experience with AuthXML or S2ML, we've dealt from the > get-go with expecting peer security systems to have arranged their > partnership out-of-band. In other words, there are configuration > options on each piece of software that say what data is sent as > credentials, what profile information to share, what keys belong to > what security system, etc. > > We explicitly have this called out in the current doc, saying that > "trust negotiations must be made out-of-band." I agree with Anders > that there's a momentous opportunity in dropping this non-goal and > allowing the trust relationship to be negotiated IN-band ("Who are > you? Who says that's you? What do you want?"). > > However, I am extremely leery of this expansion of scope. I wonder if > there's an opportunity here to stow away this use case and use it for > a next version of [OSSML] or for even another effort of this > TC. Something that operates well with what we do, but not part of this > current effort. > > ~ESP > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC